Chrome extensions leak data...- http://www.informati...endly=this-pageSeptember 29, 2011 - "A review of 100 Google Chrome extensions, including the 50 most popular selections, found that 27% of them contain one or more vulnerabilities that could be exploited by attackers either via the Web or unsecured Wi-Fi hotspots. Those findings come from a study being conducted by security researchers Nicholas Carlini and Prateek Saxena at University of California, Berkeley. In particular, they analyzed the 50 most popular Chrome extensions, as well as 50 others selected at random, for JavaScript injection vulnerabilities, since such bugs can enable an attacker to take complete control of an extension. The researchers found that 27 of the 100 extensions studied contained one or more injection vulnerabilities, for a total of 51 vulnerabilities across all of the extensions. The researchers also said that seven of the vulnerable extensions were used by 300,000 people or more... attackers have turned their attention to exploiting vulnerabilities in the third-party code - including add-ons and extensions - used by browsers."

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

SpyEye hijacks SMS security...- https://www.trusteer...nd-sms-securityOctober 05, 2011 - "... recently uncovered a stealth new attack carried out by the SpyEye Trojan that circumvents mobile SMS (short message service) security measures implemented by many banks. Using code we captured while protecting a Rapport user, we discovered a two-step web-based attack that allows fraudsters to change the mobile phone number in a victimís online banking account and reroute SMS confirmation codes used to verify online transactions. This attack, when successful, enables the thieves to make transactions on the userís account and confirm the transactions without the userís knowledge... This latest SpyEye configuration demonstrates that out-of-band authentication (OOBA) systems, including SMS-based solutions, are not fool-proof. Using a combination of MITB (man in the browser injection) technology and social engineering, fraudsters are not only able to bypass OOBA but also buy themselves more time since the transactions have been verified and fly under the radar of fraud detection systems. The only way to defeat this new attack once a computer has been infected with SpyEye is using endpoint security that blocks MITB techniques..."(More detail available at the trusteer URL above.)

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

HTML5 – The Ugly ...- http://blog.trendmic...html5-the-ugly/Nov. 30, 2011 - "... With HTML5, attacker(s) can now create a botnet which will run on any OS, in any location, on any device. Being heavily memory-based, it barely touches the disk, making it difficult to detect with traditional file-based antivirus. JavaScript code is also very easy to obfuscate, so network IDS signature will also have a very hard time. Finally, being web-based, it will easily pass through most firewalls. Stages of A Browser-Based Botnet Attack..."(More detail at the trendmicro URL above.)...___

Rogue Chrome browser extensions ...- https://www.computer...hrome_Web_StoreMarch 26, 2012 - "Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab*. The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses... Once installed in the browser, these extensions give attackers complete control over the victim's Facebook account and can be used to spam their friends or to Like pages without authorization. In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store... By the time it was identified, it had already been installed by 923 users... Few users are aware that browser extensions can intercept everything they do through the browser. Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication..."* http://www.securelis...rome_extensions

Edited by AplusWebMaster, 26 March 2012 - 02:39 PM.

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

Cross-browser worm uses commercial Javascript extension engine- http://h-online.com/-158293123 May 2012 - "A cross-browser worm spreading across Facebook is using a commercial cross-browser extension engine. That was the finding made by Kaspersky's Sergey Golovanov who reported* on his examination of the "LilyJade" worm. Golovanov found that a system called Crossrider is used by LilyJade. Crossrider allows developers to write extensions for the browser to its own API and then allows that code to work as a portable extension on Internet Explorer (version 7 or later), Chrome and Firefox. But when you have malware as a portable extension it can also infect browsers running on Linux or Mac OS X as well. Most AV software will not look for it as it is purely JavaScript and doesn't try to leave the browser. Malicious extensions are not new but have traditionally been written to target a particular browser Ė by using the Crossrider cross-browser extension kit, the LilyJade authors have ensured the maximum coverage for their MitB (Man in the Browser) attack. The LilyJade malware's actual payload appears to be focused on click fraud, spoofing ad modules on Yahoo, YouTube, Bing/MSN, AOL, Google and Facebook. It also has a Facebook-based proliferation mechanism..."* https://www.secureli...yJade_in_action

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

- https://www.net-secu...ld.php?id=1361418 Sep 2012 - "... The Rapid7 team got right on it and created a module exploiting the vulnerability for the Metasploit exploit toolkit during the weekend, and advised IE users to switch to other browsers such as Chrome or Firefox until Microsoft patches the flaw security update becomes available. Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate - but not yet remove - the threat:• Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7's advice and switch to another browser for the time being."

- http://h-online.com/-171005818 Sep 2012 - "... It remains to be seen whether patching the vulnerability will have to wait for the next scheduled Patch Tuesday in October or whether an unscheduled patch will be released..."

- https://isc.sans.edu...l?storyid=14107Last Updated: 2012-09-17 - "... there is code in-the-wild that exploits this (since Sept14th)... there is no patch for it yet. If you're still running IE7, 8 or 9, today is a good day to think about switching browsers for a couple of weeks... (this zero day affects not just IE8, but also IE7 and IE9)..."

- http://labs.alienvau...ed-in-the-wild/Sep 17, 2012 - "... The payload dropped is Poison Ivy...> https://www.virustot...c32c6/analysis/File name: a01dee0fdb5a752afea044c4e4fe4534ef5a23f6Detection ratio: 25/42Analysis date: 2012-09-18 06:19:29 UTCThe C&C server configured is ie.aq1 .co.uk that is currently resolving to 12.163.32.15 ...We’ve also seen that the domain used in the previous attacks hello.icon .pk is also pointing to the new IP address. Once executed, the payload creates the file C:\WINDOWS\system32\mspmsnsv.dll and the service WmdmPmSN is configured and started..."

- http://h-online.com/-170959217 Sep 2012 - "... the remote administration tool (RAT) Poison Ivy is currently being distributed in this way in order to give the attackers complete access to the infected system. Users running Internet Explorer can play it safe by switching to another web browser..."

- http://www.symantec....-exploited-wild17 Sep 2012 - "... this exploit was hosted on the same servers used in the Nitro attack*..."* http://www.symantec....tro_attacks.pdfPg. 4 - PDF file: "... the threat used to compromise the targeted networks is Poison Ivy, a Remote Access Tool (RAT)... It comes fully loaded with a number of plug-ins to give an attacker complete control of the compromised computer..."

- https://community.ra...y-in-metasploitSep 17, 2012 - "... get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit..."

Edited by AplusWebMaster, 22 September 2012 - 07:18 AM.

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

Vulnerable browsers (out-of-date) put users at riskMany users are waiting a month or more to apply important security updates that can protect them from exploits and malware.- https://www.computer...t_users_at_riskNov 9, 2012 - "According to the results of a new survey from security software vendor Kaspersky*, nearly a quarter of the browsers currently in use are out of date. Surfing the Web with a vulnerable browser is a recipe for disaster. The Web browser has evolved to become the primary software used on many PCs. People access their email, surf websites, create documents and spreadsheets, access cloud-based file storage and sharing sites, and share with others on social networking sites - all through the browser. Attackers know this as well, which is why it is exceptionally risky to use a browser with known vulnerabilities... researchers analyzed the browser usage data from millions of customers around the world, and uncovered some concerning trends.- 23% of browsers are not current: 14.5% are still using the previous version, while 8.5% are using even older, obsolete versions.- When a new version of a browser is released, it can take nearly 10 days for it to surpass the previous version in usage, and an average of about a month for a majority of users to upgrade.... With the holiday shopping season getting ready to kick off, millions of users will be researching gift ideas, and making holiday gift purchases online. Attackers have marked their calendars as well, and there will almost certainly be a spike in Web-based attacks. It's even more important during the holiday season to make sure you keep your browser, and your security software up to date."* http://www.kaspersky...e_ENG_Final.pdf

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

Browsers hacked at Pwn2Own...
- http://h-online.com/-1819164
8 March 2013 - "The Pwn2Own competition at CanSecWest has come to an end with the second day being like the first day. No web browser plugin survived being attacked and Adobe Flash, Adobe Reader XI and Java were all successfully hacked. Vupen security, who had demonstrated exploits of Internet Explorer 10*, Firefox** and Java on day one, returned with an exploit for Adobe Flash... In response to day one's exploits, both Mozilla and Google*** have shipped updates to their browsers. Mozilla's Firefox has been updated to version 19.0.2 with a fix for the vulnerability; the same fix, for a use-after-free in the HTML editor which could lead to arbitrary code execution..."
* https://technet.micr...lletin/ms13-021
March 12, 2013 - Critical - IE 6, 7, 8, 9, 10

Users ignore Chrome security warnings...
- http://www.theregist...secure_browser/
15 July 2013 - "... The study, Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness (PDF*) collected “25,405,944 warning impressions in Google Chrome and Mozilla Firefox in May and June 2013” and found thatplenty were ignored.
Here's the basic data.
>> http://regmedia.co.u...owser_study.png
... The study's authors, one Googler and Devdatta Akhawe of the University of California, Berkeley, are not sure why Chrome users are so blasé. False positives are one possible reason, differing levels of competence among users are also found to account for another point or two of difference. “Warning fatigue” is advanced as another reason users ignore warnings, and the study re-learns one of the lessons of Windows Vista by pondering if fewer warnings may be one way to improve security..."
* http://www.cs.berkel...warningland.pdf

Edited by AplusWebMaster, 15 July 2013 - 08:15 AM.

This machine has no brain.
......... Use your own.Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.Hacks only need to find -1- to get in...
.

Fake extensions for Chrome or Firefox - hijack...
- http://blog.trendmic...rowser-add-ons/
July 30, 2013 - "We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts – specifically, Facebook, Google+, and Twitter accounts. To install these fake extensions, users would see various lures on social media sites to try to get users to install a fake video player update. In reality, this player update is a -malicious- file detected as TROJ_FEBUSER.AA, installs a browser plugin depending on the browser currently being used. One earlier version we saw for Google Chrome, detected as JS_FEBUSER.AA, identifies itself as Chrome Service Pack 5.0.0. In the case of Mozilla Firefox, the fake plugin is Mozilla Service Pack 5.0:
> http://blog.trendmic...S-AA-plugin.jpg
Google Chrome has since flagged this particular plugin as malicious. An updated version of the plugin, detected as JS_FEBUSER.AB, is identified as F-Secure Security Pack 6.1.0 (for Google Chrome) and F-Secure Security Pack 6.1 (for Mozilla Firefox):
> http://blog.trendmic...S-AB-plugin.jpg
Once installed, it connects to a malicious URL to download a configuration file. It uses the details on that configuration file to hijack the user’s social media accounts and perform the following actions, -without- any authorization from the user:
• Like pages
• Share posts
• Join a group
• Invite friends to a group
• Chat with friends
• Post comments
• Update status
This threat tries to perform the above actions on three different social networks: Facebook, Google+, and Twitter. Because of this, in effect, the attackers are able to hijack the accounts of the users and could, for example, use them to spread links to other malicious sites. One more thing to note: the fake video player update is digitally signed... Users are once more reminded to always be aware and vigilant of such scams..."

Browser plugins - up-to-date? ...- http://www.theregist...ser_insecurity/Dec 2, 2013 - "... findings, based on 1.4 million BrowserCheck* computer scans, paint a picture of e-commerce buyers left wide open to attacks by cybercriminals just before the busiest online shopping period of the year. Browser vulnerabilities are routinely used to push malware at victims from compromised (often otherwise legitimate) websites through drive-by download attacks. Chrome has close to 40 per cent of its instances afflicted with a critical vulnerability. Similar numbers apply to Firefox and Internet Explorer, which have 35 per cent and 41 per cent of their instances vulnerable to attacks. Safari (29 per cent) and Opera (34 per cent) came in as the best of a bad bunch, according to the figures from Qualys**..."** https://community.qu...shopping-online

Chrome Pop-Up to warn Windows users of Browser Hijacking
- http://threatpost.co...ijacking/104009
Feb 3, 2014 - "A rising number of online -scams- involve the modification of browser settings where a hacker spikes a free download or website with malware. The end result is generally a click-fraud scheme of some kind where the new browser settings might include spiked search engine pages or a new home page enticing the user to click on a link where the attacker would profit from the click. Google says hijacked settings are Chrome users’ No. 1 complaint, and late last week it enhanced an existing feature* in the browser to get a little more in your face about fending off hijacking attempts..."
* http://chrome.blogsp...d-settings.html

Your Browser is Out of Date – or is it?
- https://blog.malware...-date-or-is-it/
Jan 22, 2015 - "Do you need to “update” your browser? Think fast, because it’s time for a website to ask you that exact question! browser-updater(dot)com* takes a look at what browser you’re running, -alters- the content of the landing page to make it 'relevant' then lets you know in no uncertain terms that you could do with a bit of updating... neither page mentions security, which is typically the most common approach... As far as the file served goes, it kept crashing in testing but according to this page** on Urlquery the site has offered up something which claims to “Improve Browser Speed”..."
** https://urlquery.net...d=1417544772066